Got the NAC

August 06, 2008

Malware Survey

Black Hat's underway, and while Kaminsky's DNS vulnerability continues to garner the lion's share of attention, there are other interesting malware-related developments that I thought would be worth surveying here. This is not an exhaustive list, of course, just the ones that caught my eye for one reason or another.

For all the Facebook/MySpace lovers out there, Black Hat researchers are due to demonstrate a file that the web server treats as a GIF, but the endpoint processes as a JAR archive. Kaspersky has also identified a worm that is spreading through MySpace and Facebook.
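As an added example (not from the original post or from the researchers' demonstration), here is one way an upload handler could flag a file that passes as a GIF but also opens as a ZIP/JAR archive. The function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")


def classify_upload(data: bytes) -> str:
    """Classify bytes claimed to be a GIF: 'not-gif', 'gif' or 'gif+zip-polyglot'."""
    if not data.startswith(GIF_MAGICS):
        return "not-gif"
    # A magic-byte check alone is satisfied at this point. ZIP/JAR readers,
    # however, locate the archive from the end-of-central-directory record
    # near the END of the file, so leading image bytes do not stop them.
    # is_zipfile() searches for that record.
    if zipfile.is_zipfile(io.BytesIO(data)):
        return "gif+zip-polyglot"
    return "gif"


def archive_members(data: bytes) -> list:
    """List the entries a ZIP/JAR reader would see inside a flagged upload."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def build_samples():
    """Constructed inputs: a 1x1 GIF, and the same GIF followed by a tiny JAR."""
    gif = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
           b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
           b"\x00\x02\x02D\x01\x00;")
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n")
    return gif, gif + jar.getvalue()


if __name__ == "__main__":
    plain, polyglot = build_samples()
    for name, blob in (("plain.gif", plain), ("suspect.gif", polyglot)):
        verdict = classify_upload(blob)
        print(name, verdict)
        if verdict == "gif+zip-polyglot":
            print("  archive entries:", archive_members(blob))
```

Rejecting or re-encoding any image that also parses as an archive closes the gap between what the server checks and what the endpoint later processes.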

Storm continues to chug along and find ways to add people to its botnet. The latest attempt is via an "FBI vs Facebook" spam. Given Storm's history of looking to capitalize on events around the world, I'd look for more as the Summer Olympics gear up.

In a development that surprises none of us, but is a bummer for all of us, Information Week has an article on a recent Websense survey finding that 75% of sites serving malicious code are legitimate sites that have been compromised. According to the article, this is a 50% jump over the previous 6 months.

Finally, Twitter has apparently reached a level where it is now also worthy of use as an attack vector, prompting users to download malware disguised as an updated codec for Adobe Flash Player.

What does any of this have to do with NAC? It highlights two points that I've drummed on before: (1) the critical importance of a post-admission security and detection strategy, and (2) the importance of isolation and cleanup of infected hosts.
